{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37168", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-03T17:29:38.330Z", "datePublished": "2024-06-10T21:32:06.403Z", "dateUpdated": "2024-08-02T03:50:55.550Z"}, "containers": {"cna": {"title": "@grpc/grpc-js can allocate memory for incoming messages well above configured limits", "problemTypes": [{"descriptions": [{"cweId": "CWE-789", "lang": "en", "description": "CWE-789: Memory Allocation with Excessive Size Value", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86"}, {"name": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650", "tags": ["x_refsource_MISC"], "url": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650"}, {"name": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3", "tags": ["x_refsource_MISC"], "url": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3"}, {"name": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb", "tags": ["x_refsource_MISC"], "url": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb"}], "affected": [{"vendor": "grpc", "product": "grpc-node", "versions": [{"version": ">= 1.10.0, < 1.10.9", "status": "affected"}, {"version": ">= 1.9.0, < 1.9.15", "status": "affected"}, {"version": "< 1.8.22", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-10T21:32:06.403Z"}, "descriptions": [{"lang": "en", "value": "@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.\n"}], "source": {"advisory": "GHSA-7v5v-9h63-cj86", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "grpc", "product": "grpc", "cpes": ["cpe:2.3:a:grpc:grpc:1.10.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.10.0", "status": "affected", "lessThan": "1.10.9", "versionType": "custom"}, {"version": "1.9.0", "status": "affected", "lessThan": "1.9.15", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "1.8.22", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T14:03:13.988919Z", "id": "CVE-2024-37168", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T14:05:45.075Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:55.550Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86"}, {"name": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650"}, {"name": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3"}, {"name": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86", "name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650", "name": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3", "name": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb", "name": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:55.550Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37168", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T14:03:13.988919Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:grpc:grpc:1.10.0:*:*:*:*:*:*:*"], "vendor": "grpc", "product": "grpc", "versions": [{"status": "affected", "version": "1.10.0", "lessThan": "1.10.9", "versionType": "custom"}, {"status": "affected", "version": "1.9.0", "lessThan": "1.9.15", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "1.8.22", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T14:05:40.662Z"}}], "cna": {"title": "@grpc/grpc-js can allocate memory for incoming messages well above configured limits", "source": {"advisory": "GHSA-7v5v-9h63-cj86", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "grpc", "product": "grpc-node", "versions": [{"status": "affected", "version": ">= 1.10.0, < 1.10.9"}, {"status": "affected", "version": ">= 1.9.0, < 1.9.15"}, {"status": "affected", "version": "< 1.8.22"}]}], "references": [{"url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86", "name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650", "name": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3", "name": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb", "name": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-789", "description": "CWE-789: Memory Allocation with Excessive Size Value"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-10T21:32:06.403Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37168", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:50:55.550Z", "dateReserved": "2024-06-03T17:29:38.330Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-10T21:32:06.403Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.\n"}, {"lang": "es", "value": "@grpc/grps-js implementa la funcionalidad principal de gRPC exclusivamente en JavaScript, sin un complemento de C++. Antes de las versiones 1.10.9, 1.9.15 y 1.8.22, existen dos rutas de c\u00f3digo separadas en las que se puede asignar memoria por mensaje que exceda la opci\u00f3n de canal `grpc.max_receive_message_length`: si un mensaje entrante tiene un tama\u00f1o en el cable es mayor que el l\u00edmite configurado, todo el mensaje se almacena en el b\u00fafer antes de descartarlo; y/o si un mensaje entrante tiene un tama\u00f1o dentro del l\u00edmite del cable pero se descomprime a un tama\u00f1o mayor que el l\u00edmite, el mensaje completo se descomprime en la memoria y no se descarta en el servidor. Esto se ha parcheado en las versiones 1.10.9, 1.9.15 y 1.8.22."}], "id": "CVE-2024-37168", "lastModified": "2024-11-21T09:23:20.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-06-10T22:15:12.433", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650"}, {"source": "security-advisories@github.com", "url": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3"}, {"source": "security-advisories@github.com", "url": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb"}, {"source": "security-advisories@github.com", "url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "grps-js: allocate memory for incoming messages well above configured limits", "id": "2292036", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292036"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-789", "details": ["@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.", "A flaw was found in grps-js, which implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option. If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded. If an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This issue has been patched in versions 1.10.9, 1.9.15, and 1.8.22."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-37168", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Will not fix", "package_name": "openresty", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-operator-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Will not fix", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}], "public_date": "2024-06-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-37168\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-37168\nhttps://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86"], "threat_severity": "Moderate"}

{}